Changeset 6183
- Timestamp:
- 10/03/2007 04:17:54 PM (17 years ago)
- Location:
- branches/2.3/wp-includes
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2.3/wp-includes/default-filters.php
r6141 r6183 26 26 } 27 27 28 // URL28 // Save URL 29 29 $filters = array('pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image', 30 'pre_link_rss', 'comment_url'); 30 'pre_link_rss'); 31 foreach ( $filters as $filter ) { 32 add_filter($filter, 'strip_tags'); 33 add_filter($filter, 'trim'); 34 add_filter($filter, 'sanitize_url'); 35 add_filter($filter, 'wp_filter_kses'); 36 } 37 38 // Display URL 39 $filters = array('user_url', 'link_url', 'link_image', 'link_rss', 'comment_url'); 31 40 foreach ( $filters as $filter ) { 32 41 add_filter($filter, 'strip_tags'); -
branches/2.3/wp-includes/formatting.php
r6150 r6183 1088 1088 } 1089 1089 1090 function clean_url( $url, $protocols = null ) {1090 function clean_url( $url, $protocols = null, $context = 'display' ) { 1091 1091 $original_url = $url; 1092 1092 … … 1104 1104 $url = 'http://' . $url; 1105 1105 1106 $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); 1106 // Replace ampersands ony when displaying. 1107 if ( 'display' == $context ) 1108 $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); 1109 1107 1110 if ( !is_array($protocols) ) 1108 1111 $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); … … 1110 1113 return ''; 1111 1114 1112 return apply_filters('clean_url', $url, $original_url); 1115 return apply_filters('clean_url', $url, $original_url, $context); 1116 } 1117 1118 function sanitize_url( $url, $protocols = null ) { 1119 return clean_url( $url, $protocols, 'db'); 1113 1120 } 1114 1121 -
branches/2.3/wp-includes/widgets.php
r6170 r6183 1002 1002 if ( $_POST["rss-submit-$number"] ) { 1003 1003 $newoptions[$number]['items'] = (int) $_POST["rss-items-$number"]; 1004 $url = clean_url(strip_tags(stripslashes($_POST["rss-url-$number"])));1004 $url = sanitize_url(strip_tags(stripslashes($_POST["rss-url-$number"]))); 1005 1005 $newoptions[$number]['title'] = trim(strip_tags(stripslashes($_POST["rss-title-$number"]))); 1006 1006 if ( $url !== $options[$number]['url'] ) {
Note: See TracChangeset
for help on using the changeset viewer.